International Association for Cryptologic Research

CryptoDB

Gilles Piret

Affiliation: Oberthur Technologies

Publications

Year  Venue   Title
2006  FSE
2004  FSE
2003  CHES
2003  EPRINT  Integral Cryptanalysis on reduced-round Safer++
In this paper we describe an integral distinguisher over 2 rounds of Safer++. It allows a practical attack against 3 rounds of Safer++128, as well as attacks on 4 rounds of Safer++128 and Safer++256, under the chosen-plaintext hypothesis. These results achieve much lower complexity than the currently known best attacks on Safer++, namely weak-key linear cryptanalysis by Nakahara. As a side result, we prove that the byte-branch number of the linear transform of Safer++ is 5. We also discuss a way for further research in order to extend integral cryptanalysis.